package ctm.javacode;

import com.sun.mail.handlers.message_rfc822;
import java.io.*;
import java.security.AccessControlException;
import java.sql.*;
import java.util.StringJoiner;
import javax.mail.Session;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

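@WebServlet("/caseHistory.do")
/**
 * Saves a case history (a comma-joined list of the {@code C1..Cn} request
 * parameters) for an account in {@code casehistorytable}.
 *
 * <p>Users in the {@code admin} or {@code professional} role may write the
 * history of the account named by the {@code personId} parameter; everyone
 * else can only write the history of the account stored in the session
 * attribute {@code login}.
 *
 * <p>NOTE(review): {@code dbBean} only exposes {@code ExcuteQuery(String)} /
 * {@code ExcuteUpdate(String)}, so the SQL below is still built by string
 * concatenation. {@link #requireSqlSafe} rejects any value that could close
 * the single-quoted literal it is spliced into, which stops the obvious
 * breakout but is a stopgap: the proper fix is a parameterized
 * ({@code PreparedStatement}) path in {@code dbBean}.
 */
public class caseHistory extends HttpServlet {

	/** View forwarded to after a successful write. */
	private static final String SUCCESS_VIEW = "main.jsp";

	/** Sentinel meaning "write the caller's own history" (kept from the original protocol). */
	private static final String NO_PERSON_ID = "nopersonId";

	/**
	 * Handles the form post.
	 *
	 * <p>Responds 401 when no {@code login} session attribute is present,
	 * 400 when {@code count} is missing/non-numeric, when a privileged user
	 * omits {@code personId}, or when a value fails {@link #requireSqlSafe};
	 * otherwise writes the history and forwards to {@link #SUCCESS_VIEW}.
	 *
	 * @throws ServletException when the database write fails (wraps the
	 *     {@link SQLException} / {@link NamingException}); the original
	 *     printed the stack trace and forwarded to the success view anyway
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		request.setCharacterEncoding("utf-8");

		String username = (String) request.getSession().getAttribute("login");
		if (username == null) {
			// No login in the session: without it the non-privileged path would
			// have written a row for the literal account "null".
			response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
			return;
		}

		// Only these roles may name another account; everyone else gets the sentinel.
		boolean privileged = request.isUserInRole("admin") || request.isUserInRole("professional");
		String personId = privileged ? request.getParameter("personId") : NO_PERSON_ID;
		if (personId == null) {
			// A privileged request without personId used to NPE inside the DB helper.
			response.sendError(HttpServletResponse.SC_BAD_REQUEST, "personId is required");
			return;
		}

		int count;
		try {
			// Integer.parseInt(null) also throws NumberFormatException, so a
			// missing count lands here rather than as a 500.
			count = Integer.parseInt(request.getParameter("count"));
		} catch (NumberFormatException e) {
			response.sendError(HttpServletResponse.SC_BAD_REQUEST, "count must be a number");
			return;
		}
		// There cannot be more C<i> parameters than parameters in the request,
		// so this bound is exact for well-formed input and keeps an absurd
		// count from spinning the loop.
		int limit = Math.min(count, request.getParameterMap().size());

		// Same result as the original "append + ',' then strip the last comma":
		// absent C<i> are skipped, empty ones still contribute an empty item.
		StringJoiner history = new StringJoiner(",");
		for (int i = 1; i <= limit; i++) {
			String item = request.getParameter("C" + i);
			if (item != null) {
				history.add(item);
			}
		}

		try {
			writeToCaseHistory(username, history.toString(), personId);
		} catch (IllegalArgumentException e) {
			// Value rejected by requireSqlSafe; the message names only the field.
			response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
			return;
		} catch (SQLException | NamingException e) {
			throw new ServletException("failed to save case history for account " + username, e);
		}
		request.getRequestDispatcher(SUCCESS_VIEW).forward(request, response);
	} // end doPost()

	/**
	 * Inserts or updates the history row for one account.
	 *
	 * @param name the logged-in user's account, used when {@code personId} is
	 *     the {@link #NO_PERSON_ID} sentinel
	 * @param history the comma-joined history text to store
	 * @param personId the target account, or {@link #NO_PERSON_ID}
	 * @return {@code true} if an existing row was updated, {@code false} if a
	 *     new row was inserted (the original always returned {@code false})
	 * @throws IllegalArgumentException if the account or history is null or
	 *     contains a character rejected by {@link #requireSqlSafe}
	 * @throws SQLException propagated from {@code dbBean}; no longer re-wrapped
	 * @throws NamingException from the {@code dbBean} lookup
	 */
	private boolean writeToCaseHistory(String name, String history, String personId)
			throws SQLException, NamingException {
		// Validate before touching the database so a rejected value never opens a connection.
		String account = requireSqlSafe(NO_PERSON_ID.equals(personId) ? name : personId, "account");
		String safeHistory = requireSqlSafe(history, "history");

		dbBean db = new dbBean("jdbc/ctmpllab");
		db.Connected();
		try {
			boolean exists;
			try (ResultSet rs = db.ExcuteQuery(
					"SELECT * FROM casehistorytable Where account = '" + account + "'")) {
				exists = rs.first();
			}
			if (exists) {
				db.ExcuteUpdate("UPDATE casehistorytable SET history='" + safeHistory
						+ "' Where account = '" + account + "'");
			} else {
				db.ExcuteUpdate("INSERT INTO casehistorytable(account,history) VALUE('" + account
						+ "','" + safeHistory + "')");
			}
			return exists;
		} finally {
			// Close the database connection even when a statement throws
			// (the original leaked it on any exception after the SELECT).
			db.CloseConn();
		}
	} // end writeToCaseHistory()

	/**
	 * Returns {@code value} unchanged if it can be spliced into a
	 * single-quoted SQL literal without ending it.
	 *
	 * <p>Rejected characters are the quote itself, the backslash (which
	 * escapes a following quote in MySQL's default mode) and NUL. Values
	 * containing a quote already failed in the original with a SQL syntax
	 * error, so rejecting them is not a functional regression.
	 *
	 * @param value the raw value; must not be null
	 * @param what field name used in the error message
	 * @return {@code value}
	 * @throws IllegalArgumentException if {@code value} is null or contains a rejected character
	 */
	private static String requireSqlSafe(String value, String what) {
		if (value == null) {
			throw new IllegalArgumentException(what + " is missing");
		}
		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);
			if (c == '\'' || c == '\\' || c == '\0') {
				throw new IllegalArgumentException(what + " contains a character that is not allowed");
			}
		}
		return value;
	}

} // end class caseHistory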
